Organisations are gearing up for the Digital Operational Resilience Act (DORA), which will take effect on January 17, 2025. DORA aims to ensure that businesses, especially in IT and finance, are resilient to operational disruptions. The concept of "operational resilience" varies slightly by industry but generally includes incident management, data protection, privacy, cyber threats, vulnerability management, and business continuity.
DORA is not the first regulation addressing resilience. In a recent blog post, NTT DATA’s VP for digital transformation, Matt Leach, emphasised that organisations must be "perpetually resilient" to handle constant global, economic, and competitive changes. Supporting this, NTT DATA’s Innovation Index shows a significant improvement in companies’ readiness for disruption, with fewer firms seeing major impacts from crises like natural disasters and pandemics.
The COVID-19 pandemic accelerated digital transformation, forcing companies to quickly adapt their critical processes and IT systems. Business continuity planning became a continuous effort, reshaping policies, enhancing secure remote access, and strengthening supply chains. This experience has improved companies’ confidence in their resilience, positioning them better to meet DORA’s demands.
To comply with DORA, companies need to evaluate and enhance their resilience against ICT-related incidents. The regulation mandates actions across multiple dimensions, such as cybersecurity, incident reporting, and business continuity. DORA emphasises a clear understanding of critical business services, processes, and IT systems, highlighting how technical debt and operational risks impact resilience.
DORA’s approach is two-fold: “above the line,” which involves identifying and understanding risks, and “below the line,” which mandates actions to strengthen governance, cybersecurity, and response capabilities. Proactive steps, like ongoing training and digital transformation, can reduce exposure to risks. The pandemic’s lessons and long-standing industry practices provide a strong foundation for DORA, but organisations are encouraged to assess their readiness now as they prepare for full compliance.
To read the full article on Tech Central, see here.